Meta's AI Support Bot Used to Hijack Over 20,000 Instagram Accounts
Hackers exploited a bug in Meta's AI chatbot to take over more than 20,000 Instagram accounts, the company confirmed in a regulatory filing with Maine. The vulnerability allowed attackers to request password resets through the support tool without owning the target accounts.
Meta's AI chatbot failed to verify that an email address matched the account being reset. When someone asked the bot to reset a password and provided an unrelated email address, the system sent the reset link to that email instead of rejecting the request. Attackers used this flaw to gain access to accounts they didn't own.
How the Attack Worked
The bug existed in a separate code path from the chatbot itself. Meta said the tool "worked properly and functioned as intended," but the verification system didn't check whether the email belonged to the account owner.
Once attackers received a password reset link for a victim's account, they could change the password and lock out the legitimate user. The attack bypassed two-factor authentication entirely.
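The flaw described above, modelled as a support-tool reset handler beside a hardened version. This is an added illustration, not Meta's code; the account data, function names and in-memory mail delivery are constructed stand-ins.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    email: str                       # address on record for the account
    reset_tokens: list = field(default_factory=list)

# Constructed sample data; no real accounts or people.
ACCOUNTS = {"victim": Account("victim", "victim@example.com")}
OUTBOX = []      # (recipient, token) pairs the tool "sent"
AUDIT_LOG = []   # events a detection pipeline would consume

def send_reset_email(recipient, token):
    OUTBOX.append((recipient, token))

def reset_vulnerable(username, requested_email):
    """Flawed path, modelled on the bug described above: the reset link goes to
    whatever address the requester supplied, so knowing a username is enough to
    receive a valid token for it. Nothing in this flow consults the account's 2FA."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return False
    token = secrets.token_urlsafe(32)
    acct.reset_tokens.append(token)
    send_reset_email(requested_email, token)   # bug: recipient chosen by the caller
    return True

def reset_hardened(username, requested_email):
    """Fixed path: the supplied address must match the one on record, and the link
    is delivered only to the address on record. The caller sees the same generic
    result for unknown users and mismatches, so the tool cannot enumerate accounts."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return True   # generic "if an account exists, a link was sent"
    if acct.email.lower() != requested_email.strip().lower():
        # A mismatch is a detection signal worth alerting on: bursts of these
        # across many usernames are what a campaign like the one above looks like.
        AUDIT_LOG.append(f"reset_email_mismatch user={username}")
        return True
    token = secrets.token_urlsafe(32)
    acct.reset_tokens.append(token)
    send_reset_email(acct.email, token)        # recipient always from the record
    return True
```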
Timeline and Impact
The attack surfaced on May 31st. Meta said it resolved the issue on June 1st, a single day later.
High-profile accounts were compromised during this window, including former President Barack Obama's White House account, the account of U.S. Space Force Chief Master Sergeant John F. Bentivegna, and Sephora's Instagram account.
Thirty of the 20,225 affected users lived in Maine, according to Meta's filing.
What Data May Have Been Exposed
Meta said it's unaware whether attackers accessed personal data from the compromised accounts. However, account hijackers could have obtained email addresses, phone numbers, birthdates, direct messages, posts, profile information, account activity, and linked accounts.
The company did not specify whether any of these data types were actually accessed in this incident.
What This Means for Customer Support Teams
This incident highlights the risks that arise when AI customer support systems handle account security tasks. Generative AI and LLM tools must include robust verification logic to prevent unauthorized access, even when the core chatbot functions correctly.
Support teams relying on AI bots for password resets or account recovery should review their verification requirements. A bug in a secondary system can expose millions of accounts to takeover.